Instructions für complete automation of the certificate ordering process.  The QuickSSLPremium product is used here as an example and DNS is used as the authentication method.
The ordering process for S/MIME certificates differs and is described separately here.

Table of contents

Basics of the JSON and XML API

All important information for the use of the JSON and XML API you can find in the General API Basics and the XML API Basics  and JSON API Basics. The specific SSL objects are documented here, the SSL tasks here.

Process overview

Flow Chart

Task names, codes and routes

TaskCodeRoute
SSLContactCreate400201

POST /sslcontact

CertificatePrepareOrder400110POST /certificate/prepareOrder
CertificateCreate400101POST /certificate
PollInfo0905GET /poll
PollConfirm0906PUT /poll/$id
CertificateInfo

400104

GET /certificate/$id

DNS validation

DNS validation, i.e. validation by zone entry, is supported by many domain-validated certificates.  To do this, for some CAs you must store a specific TXT or CNAME record in the zone belonging to the certificate name. This is checked for validity by the issuing certificate authority. If the corresponding zone is managed by InterNetX, the provisioning of the zone takes place automatically.

Preparation

Connecting SSLManager to AutoDNS

For the automatic provisioning of the zone, you have to connect the SSLManager to your AutoDNS access once. In the SSL Manager go to the User Configuration and click on the menu item Connect SSL Manager to the Domain Administration System.



Do not specify a protocol in the AutoDNS URL, e.g. no "http" or "https".
As Personal ADNS customer please specify the Personal ADNS ID (context), i.e. "personaladnsid.login.autodns.com", all others use the URL "login.autodns.com".
 
The connection in the described way is possible only with AutoDNS X3 but not with AutoDNS Platform.
The connection with AutoDNS Platform is possible in the following way:
- create an AutoDNS account
- import the SSL Manager data. After the import the SSLManager account will be deactivated.

You will then be redirected to the AutoDNS login page. Enter your AutoDNS credentials here to establish the connection.


If necessary, you must enter the URL to your Personal AutoDNS or Registrar AutoDNS yourself.

Note that you must perform the following actions with your SSLManager user.

Create contact

A technical and administrative contact is required to order a QuickSSLPremium certificate. You can use existing contacts or create new contacts. You can use the new contacts for future orders.

Contact create - example

Request 
POST /sslcontact
{
  "fname": "John",
  "lname": "Doe",
  "phone": "+49-123-12345",
  "fax": "+49-123-12345",
  "email": "john.doe@example.com",
  "title": "Admin",
  "organization": "Company",
  "address": [
	"123 Main Street"
  ],
  "pcode": "12345",
  "city": "Anytown",
  "country": "DE",
  "state": "BY"
}
Response 
{
    "stid": "20180926-stid",
    "status": {
        "code": "S400201",
        "text": "Contact was created successfully.",
        "type": "SUCCESS"
    },
    "object": {
        "type": "contact",
        "value": "100"
    },
    "data": [
        {
            "fname": "John",
            "lname": "Doe",
            "phone": "+49-123-12345",
            "email": "john.doe@example.com",
            "title": "Admin",
            "organization": "Company",
            "address": "123 Main Street",
            "pcode": "12345",
            "city": "Anytown",
            "country": "DE",
            "state": "BY",
            "owner": {
                "user": "user",
                "context": 9
            },
            "id": 100
        }
    ]
}
Request 
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400201</code>
        <contact>
            <first>Michael</first>
            <last>Mustermann</last>
            <phone>+49-941-1234560</phone>
            <email>michael.mustermann@example.com</email>
            <title>Admin</title>
            <organization>Beispiel GmbH</organization>
            <address>Maximilianstrasse 36000</address>
            <postal_code>93047</postal_code>
            <city>Regensburg</city>
            <country>DE</country>
            <state>Bayern</state>
        </contact>
    </task>
</request>
Response 
<response>
    <result>
        <data/>
        <status>
            <code>S400201</code>
            <text>Contact was created successfully.</text>
            <type>success</type>
            <object>
                <type>contact</type>
                <value>100</value> <!-- The ID of the created contact -->
            </object>
        </status>
    </result>
  <stid>20180926-app1-104</stid>
</response>

Order a QuickSSLPremium certificate

Create DNS record and check CSR

QuickSSLPremium certificates are verified by TXT entries. A new TXT record with specific values must be stored in the zone belonging to the common name (CNAME).

Example TXT : 
example.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"

With the CertificatePrepareOrder task, the CSR key provided is checked for the correct bit length, for example, and the required authentication data is generated.

Note that the CSR code must be on a single line. Any existing line breaks must be removed.

Certificate prepare order - example

Request 
POST /certificate/prepareOrder
{
  "plain": "----BEGIN CERTIFICATE REQUEST----- .... -----END CERTIFICATE REQUEST-----",
  "product": "QUICKSSLPREMIUM"
}
Response 
{
    "stid": "20180926-stid",
    "status": {
        "code": "S400110",
        "text": "CSR key was checked successfully.",
        "type": "SUCCESS"
    },
    "data": [
        {
            "plain": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----",
            "name": "example.com",
            "keySize": 2048,
            "countryCode": "DE",
            "state": "BY",
            "city": "Regensburg",
            "organization": "Company GmbH",
            "organizationUnit": "Entwicklung",
            "product": "QUICKSSLPREMIUM",
            "authentication": [
                {
                    "method": "EMAIL",
                    "approverEmails": [
                        "admin@example.com",
                        "administrator@example.com",
                        "hostmaster@example.com",
                        "webmaster@example.com",
                        "postmaster@example.com"
                    ]
                },
                {
                    "method": "DNS",
                    "dns": "example.com.\t\t300\tIN\tTXT\t\"201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q\""
                },
                {
                    "method": "FILE"
                }
            ],
            "algorithm": "RSA",
            "signatureHashAlgorithm": "SHA256"
        }
    ]
}
Request 
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400110</code>
        <certificate_request>
            <plain><![CDATA[----BEGIN CERTIFICATE REQUEST----- .... -----END CERTIFICATE REQUEST-----]]></plain>
            <product>QUICKSSLPREMIUM</product>
        </certificate_request>
    </task>
</request>
Response 
<response>
    <result>
        <data>
            <certificate_request>
                <plain><![CDATA[-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----]]></plain>
                <name><![CDATA[example.com]]></name>
                <key_size>2048</key_size>
                <country_code>DE</country_code>
                <state><![CDATA[Bayern]]></state>
                <city><![CDATA[Regensburg]]></city>
                <organization><![CDATA[Company GmbH]]></organization>
                <organization_unit>Entwicklung</organization_unit>
                <email>email@example.com</email>
                <product>QUICKSSLPREMIUM</product>
                <authentication>
                    <method>DNS</method>
                    <dns>example.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
     				<provisioning>1</provisioning>
                </authentication>
                <authentication>
                    <method>FILE</method>
                    <file_name><![CDATA[http://example.com/.well-known/pki-validation/fileauth.txt]]></file_name>
                    <file_content><![CDATA[201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q]]></file_content>
                </authentication>
                <algorithm>RSA</algorithm>
                <signature_hash_algorithm>SHA256</signature_hash_algorithm>
            </certificate_request>
        </data>
        <status>
            <code>S400110</code>
            <text>CSR key was checked successfully.</text>
            <type>success</type>
        </status>
    </result>
  <stid>20170407-app1-223</stid>
</response>

Ordering the certificate (certificate create)

With the CertificateCreate task you send the actual order to the system. You must set certain values:

  • Contact:  Enter the contact ID of the required contacts. For QuickSSLPremium these are the administrative and the technical contact.
  • Name: The name of the certificate.
  • Product: The value for QuickSSLPremium is QUICKSSLPREMIUM
  • Authentication: The generated authentication data
  • Term: Specify a term allowed for the certificate. For QuickSSLPremium, this is 12 or 24 months.
  • Software: select APACHESSL or IIS5
  • CSR: The CSR that is part of the certificate

 For the automatic provisioning of the zone, i.e. the automatic triggering of the zone update, it must be managed via AutoDNS and the SSL Manager and AutoDNS systems must be linked. See step Connect SSLManager to AutoDNS

Certificate create - example

Request 
POST /certificate
{
  "adminContact": {
    "id": 100
  },
  "technicalContact": {
    "id": 100
  },
  "name": "example.com",
  "lifetime": {
    "unit": "MONTH",
    "period": 12
  },
  "software": "APACHESSL",
  "csr": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----",
  "product": "QUICKSSLPREMIUM",
  "authentication": {
    "method": "DNS",
    "dns": "example.com.\t\t300\tIN\tTXT\t\"201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q\"",
    "provisioning": true
  }
}
Response 
{
    "stid": "20180926-stid",
    "status": {
        "code": "N400101",
        "text": "Certificate order was started successfully.",
        "type": "NOTIFY"
    },
    "object": {
        "type": "Certificate",
        "value": "example.com"
    },
    "data": [
        {
            "id": 123456
        }
    ]
}
Request 
<request>
    <auth>
        <user>USER</user>
        <password>PASSWORD</password>
        <context>CONTEXT</context>
    </auth>
    <task>
        <code>400101</code>
        <certificate>
            <technical>
                <id>100</id>
            </technical>
            <admin>
                <id>100</id>
            </admin> 
            <name>example.com</name>
            <product>QUICKSSLPREMIUM</product>
            <authentication>
                <method>DNS</method>
                <dns>example.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns> 
                <provisioning>1</provisioning>
            </authentication>
            <lifetime>12</lifetime>
            <software>APACHESSL</software> <!-- APACHESSL / IIS5 -->
            <csr><![CDATA[---------BEGIN CERTIFICATE REQUEST----- .... -----END CERTIFICATE REQUEST-----]]></csr> <!-- Der CSR KEY -->
        </certificate>
    </task>
</request>
Response 
<response>
  <result>
    <data>
      <certificate_job>
        <job>
          <id>123456</id>
          <status>RUNNING</status>
        </job>
      </certificate_job>
    </data>
    <status>
      <code>N400101</code>
      <text>Certificate order was started successfully.</text>
      <type>notify</type>
      <object>
        <type>certificate</type>
        <value>example.com</value>
      </object>
    </status>
  </result>
 <stid>20180407-app1-334</stid>
</response>

Receive notifications

The CertificateCreate task automatically generates a request for ordering the certificate. Once the request has been processed, a notification is generated with information about the request. If the order was successful, you receive, among other things, the ID of the certificate ordered. The notification can be retrieved using the Polling and Push methods.

Inquire certificate data

The  CertificateInfo task inquires the certificate data. The data can be queried and confirmed using the ID from the Checking and Confirming Notifications step.

Certificate info - Example

Request 
GET /certificate/$id
Response 
{
    "stid": "20180926-stid",
    "status": {
        "code": "S400104",
        "text": "Certificate data were inquired successfully.",
        "type": "SUCCESS"
    },
    "object": {
        "type": "Certificate",
        "value": "example.com"
    },
    "data": [
        {
            "created": "2018-09-26T00:00:00.000+0200",
            "updated": "2018-09-26T11:38:08.000+0200",
            "id": 13258,
            "owner": {
                "user": "user",
                "context": 9
            },
            "orderId": "2695961",
            "adminContact": {
                "id": 100
				...
            },
            "technicalContact": {
                "id": 100
				...
            },
            "name": "example.com",
            "lifetime": {
                "unit": "MONTH",
                "period": 12
            },
            "software": "APACHESSL",
            "csr": "-----BEGIN CERTIFICATE REQUEST----- ... -----END CERTIFICATE REQUEST-----",
            "server": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----\n",
            "serialNumber": "750C3006B23B90D0F396A3D153EB4C8",
            "product": "QUICKSSLPREMIUM",
            "expire": "2019-09-26T12:00:00.000+0200",
            "authentication": {
                "method": "DNS",
                "dns": "example.com.\t\t300\tIN\tTXT\t\"201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q\"",
                "provisioning": true
            },
            "certificateTransparencyPrivacy": "PUBLIC",
            "domain": "example.com"
        }
    ]
}
Request 
<request>
    <auth>
        <user>USER</user>
        <context>CONTEXT</context>
        <password>PASSWORD</password>
    </auth>
    <task>
        <code>400104</code>
        <certificate>
            <id>100</id>
        </certificate>
    </task>
</request>
Response 
<response>
  <result>
    <data>
      <certificate>
        <order_id>1003396954</order_id>
        <technical>
          <first>John</first>
            <last>Doe</last>
            <phone>+49-941-1234560</phone>
            <email>k.doe@example.com</email>
            <title>Admin</title>
            <organization>Example GmbH</organization>
            <address>Maximilianstrasse 36000</address>
            <postal_code>93047</postal_code>
            <city>Regensburg</city>
            <country>DE</country>
            <state>Bayern</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </technical>
        <admin>
          <first>John</first>
            <last>Doe</last>
            <phone>+49-941-1234560</phone>
            <email>j.doe@example.com</email>
            <title>Admin</title>
            <organization>Example GmbH</organization>
            <address>Maximilianstrasse 36000</address>
            <postal_code>93047</postal_code>
            <city>Regensburg</city>
            <country>DE</country>
            <state>Bavaria</state>
          <owner>
            <user>USER</user>
            <context>CONTEXT</context>
          </owner>
          <updater>
            <user>USER</user>
            <context>CONTEXT</context>
          </updater>
          <id>20398</id>
          <created>2017-01-01 10:35:22</created>
          <updated>2017-01-01 01:05:07</updated>
        </admin> 
        <name>example.com</name><!-- ertificate name -->
        <lifetime>12</lifetime><!-- certificate runtime -->
        <software>APACHE2</software>
        <csr><![CDATA[----BEGIN CERTIFICATE REQUEST----- .... -----END CERTIFICATE REQUEST-----]]></csr>
        <server><![CDATA[----BEGIN CERTIFICATE ----- .... -----END CERTIFICATE-----]]></server>
        <serial_number>SERIALNUMBER</serial_number>
        <product>QUICKSSLPREMIUM</product>
        <sha>SHA2</sha>
        <expire>2030-01-01 23:59:59</expire><!-- certificate expire date -->
        <extension />
        <certification_authority>
          <ca_type>ICA1</ca_type>
          <ca_cert><![CDATA[----BEGIN CERTIFICATE ----- .... -----END CERTIFICATE-----]]></ca_cert>
        </certification_authority>
        <authentication>
          <method>DNS</method>
          <dns>example.com. 300 IN TXT "201704071405295z34is5g0jjairsdu0v5opdw8512td8kixzvtaacu4ebrkry5q"</dns>
        </authentication>
        <owner>
          <user>USER</user>
          <context>CONTEXT</context>
        </owner>
        <updater>
          <user>USER</user>
          <context>CONTEXT</context>
        </updater>
        <id>100</id><!-- certificate id -->
        <created>2017-01-01 00:00:00</created>
        <updated>2017-01-01 14:30:36</updated>
      </certificate>
    </data>
    <status>
      <code>S400104</code>
      <text>Certificate data were inquired successfully..</text>
      <type>success</type>
      <object>
        <type>certificate</type>
        <value>example.com</value><!-- certificate name -->
      </object>
    </status>
  </result>
 <stid>20181015-app1-672</stid>
</response>